Draft Agenda: Winter SSCA Forum

McWhite, Rebecca A. (Fed)

Dec 19, 2024, 10:38:43 AM
to SW.ASSURANCE, Federa...@list.nist.gov

Greetings all,

 

The next SSCA Forum will be held IN PERSON at MITRE, in McLean, VA, on January 28-29, 2025.

 

Our next SSCA Forum Meeting will be held in person at the MITRE McLean, VA campus on Tuesday, January 28th and Wednesday, January 29th.  Tentative agenda topics this session include 5G supply chain assurance, supplier and supply chain risk assessments, software acquisitions and SBOMs, as well as updates to NIST guidance. The working draft agenda is attached. We hope you can join us!  

 

  

The SSCA Forum is held several times a year and it is FREE and OPEN to the public, though registration is required.

 

Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved. The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and on occasion, the General Services Administration (GSA). Participants represent a diverse group of career professionals from government, industry, and academia, including: chief information security officers, cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, and many more fields.

 

Thank you and Happy Holidays,

SSCA Team

 

Jan 2025 SSCA Forum Draft Program Agenda.pdf

Robert A Martin

Dec 19, 2024, 12:34:41 PM
to di...@businesscyberguardian.com, McWhite, Rebecca A. (Fed), SW.ASSURANCE, Federa...@list.nist.gov, scrm-nist, swsupplychain-eo, SecureB...@cisa.dhs.gov, ICT_SCRM_Taskforce, Willers, Katharine

Hi Dick,

We had a very good discussion of the CRA in the Fall 2023 SSCA Forum – see agenda https://csrc.nist.gov/csrc/media/Projects/cyber-supply-chain-risk-management/documents/SSCA/ssca-forum-sept-2023-final-agenda.pdf

 

The links are clickable to get the PDF of the presentation by Tony Rutkowski from the Center for Internet Security.

 

Of course time has moved on and an update could be useful.

 

Bob

 

From: Dick Brooks <di...@businesscyberguardian.com>
Date: Thursday, December 19, 2024 at 11:13 AM
To: 'McWhite, Rebecca A. (Fed)' <rebecca...@nist.gov>, 'SW.ASSURANCE' <sw.ass...@list.nist.gov>, Federa...@list.nist.gov <Federa...@list.nist.gov>
Cc: 'scrm-nist' <scrm...@nist.gov>, 'swsupplychain-eo' <swsupply...@nist.gov>, SecureB...@cisa.dhs.gov <SecureB...@cisa.dhs.gov>, 'ICT_SCRM_Taskforce' <ICT_SCRM_...@cisa.dhs.gov>, Robert A Martin <rama...@mitre.org>, 'Willers, Katharine' <Katharin...@cisa.dhs.gov>
Subject: [EXT] RE: [sw.assurance] Draft Agenda: Winter SSCA Forum

Rebecca,

 

It’s great to see all the CISA related items on this agenda, especially the ICT_SCRM Task Force Software Acquisition Guide practices for Secure by Design.

 

At some point, would it be possible to cover the EU-CRA law that is now approved? Many open-source and commercial software producers in the US may be affected by the EU-CRA’s Software Supply Chain Risk Management obligations.

Feel free to reach out if you would like more info.

 

Business Cyber Guardian is both an open-source and commercial software developer/producer and will likely be affected by the EU-CRA.

 

Thanks,

 

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

Risk always exists, but trust must be earned and awarded.™

https://businesscyberguardian.com/

Email: di...@businesscyberguardian.com

Tel: +1 978-696-1788

 
